ryanh_106

Validating SQL

Hi, sorry if this is a noddy question but I am pretty new to reg exps

I want to check that an SQL statement is of the form
INSERT INTO table (cols) VALUES (values)
and not
INSERT INTO table (cols) VALUES (values), (morevalues), (moreagain)

i.e. Only one set of values is being used (nobody has injected an extra row in there)

But when I imagine how the regexp would look, I can only imagine something like (.*), which could still be "(x), (y), (z)".

How does this work?
Cheers
Ryan

You should not be allowing users to inject mysql!

Any data you process from a form should be checked to see if they are trying to inject - using mysql_escape_string or mysql_escape_real_string are what you need.

:-[ ???

Where did I say I wanted to let them inject SQL??? That would just be stupid, I am trying to check they AREN'T injecting.

I was interested to know how this could be checked using reg exps (as well as the mysql functions).

Where did I say you were wanting them to insert mysql? I said you should not let them - by that I mean your code should be such that you are protected against injection....

So I will accept your apology before you offer it  ;)

There is no point in researching what regex you will need to perform this task - it will be less efficient and less effective than the already available, built for purpose functions.

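Added example, not part of the original thread: a Python sketch showing that the `(.*)` pattern from the question accepts a multi-row statement, what a quote-aware tuple count has to do instead, and that binding the value as a parameter stores it as one row. Assumptions: sqlite3 in memory stands in for MySQL, parameter binding is used in place of the escape functions named in the reply, and the table `notes`, the helper names and the sample strings are constructed.

```python
import re
import sqlite3

# The check imagined in the question: a single "(.*)" after VALUES.
NAIVE = re.compile(r"^INSERT INTO \w+ \(.*?\) VALUES \((.*)\)$", re.I | re.S)

HOSTILE = "x'), ('injected"          # constructed input that closes the literal early
BENIGN = "smile :) (really), (yes)"  # constructed input: brackets inside one literal

def build(value):
    """Unsafe 'before': the value is pasted straight into the SQL text."""
    return "INSERT INTO notes (body) VALUES ('" + value + "')"

def count_value_tuples(sql):
    """Count top-level (...) groups after VALUES, ignoring text inside '...'.

    Assumes standard SQL quoting, where '' is an escaped quote. MySQL's
    backslash escapes are not handled, so this is not a complete validator.
    """
    parts = re.split(r"\bVALUES\b", sql, maxsplit=1, flags=re.I)
    if len(parts) < 2:
        return 0
    depth = tuples = 0
    in_quote = False
    for ch in parts[1]:
        if ch == "'":
            in_quote = not in_quote  # '' toggles twice and stays in the literal
        elif not in_quote and ch == "(":
            depth += 1
            if depth == 1:
                tuples += 1
        elif not in_quote and ch == ")":
            depth -= 1
    return tuples

def rows_after_insert(value, bind):
    """Run the insert against an in-memory table and return the stored rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (body TEXT)")
    if bind:
        db.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    else:
        db.execute(build(value))
    return [r[0] for r in db.execute("SELECT body FROM notes ORDER BY rowid")]

if __name__ == "__main__":
    print(bool(NAIVE.match(build(HOSTILE))), count_value_tuples(build(HOSTILE)))
    print(count_value_tuples(build(BENIGN)))
    print(rows_after_insert(HOSTILE, bind=False), rows_after_insert(HOSTILE, bind=True))
```

The counter only gives the right answer when its quoting rules match the database's exactly, which is the practical weakness of validating finished SQL text instead of keeping the value out of it.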
